Computer network security: PT vs. VA
The security of computer networks is of vital importance for a company. With technologies increasingly relying on remote services, it is good to ensure that security is guaranteed. To do this, two tools are used: Vulnerability Assessment and Penetration Test. But what is the difference between them? The answer to this question is not as obvious as one might think.
The short answer is: a Pentest (PT) may be a form of vulnerability assessment (VA), but a vulnerability assessment is definitely not a Pentest. Let’s try to better understand how they work and their purposes.
Verification of the security of computer networks: Vulnerability Assessment
A vulnerability assessment is the process of running automated tools against defined IP addresses to identify vulnerabilities in the environment in which one operates. Vulnerabilities typically include unprotected or misconfigured systems. The tools used to perform vulnerability scans are specific software that automates the process. Obviously these software are practically useless without an operator who knows how to use them correctly.
These tools provide an easy way to scan for vulnerabilities and there are both open source and proprietary ones. The main advantage of the open-source ones is that, with great probability, they are the same ones used by hackers, they are unlikely to pay an expensive subscription, when they can download open source applications for free.
In practice, a VA allows you to:
identify and classify security holes in the computer network
understand the cyber threats to which the company is exposed
recommend corrective measures to eliminate the weaknesses found
The purpose of a Vulnerability Assessment is to identify known vulnerabilities so that they can be corrected. Scans are typically done at least quarterly, although many experts recommend monthly scans.
How to perform a VA
Il processo di esecuzione si divide in due fasi e non prevede lo sfruttamento delle debolezze riscontrate. Questo ulteriore passaggio e’ invece previsto nel Penetration Test.
- Fase 1: prima analisi
- durante questa fase vengono raccolte tutte le informazioni disponibili sull’obiettivo per determinare quali potrebbero essere i punti deboli e le falle nel sistema di sicurezza delle reti informatiche
- Fase 2: seconda analisi
- in questa fase, tramite l’uso delle informazioni ricavate, vengono messe alla prova i possibili problemi. In questa fase le vulnerabilita’ sono testate per capire se siano effettivi problemi come supposto precedentemente.
Data l’incredibile velocita’ in cui le tecnologie e le tecniche informatiche si evolvono, e’ possibile che un sistema si mostri sicuro questo mese, ma abbia invece delle criticita’ da risolvere il mese successivo. Per questo e’ consigliato ripetere regolarmente e con frequenza i controlli di sicurezza sulle reti informatiche aziendali.
The execution process is divided into two phases and does not involve exploiting the weaknesses found. This further step is instead foreseen in the Penetration Test.
Phase 1: first analysis
during this phase, all the information available on the objective is collected to determine what could be the weak points and gaps in the security system of computer networks
Phase 2: second analysis
in this phase, through the use of the information obtained, possible problems are put to the test. In this phase the vulnerabilities are tested to understand if they are actual problems as previously assumed.
Given the incredible speed at which computer technologies and techniques evolve, it is possible that a system will prove secure this month, but instead have some problems to solve the following month. For this reason, it is advisable to repeat the security checks on company computer networks regularly and frequently.
At the end of the process of verifying the vulnerabilities of a system, the final reports contain all the results collected. Typically these enclose all relevant information, including:
the list of vulnerabilities found
an in-depth description of the vulnerabilities
countermeasures to be adopted to reduce risks
Verification of vulnerabilities is a fundamental procedure for the company, but it does not guarantee the security of computer networks. For the correct maintenance of the security of your systems, it is also essential to use another tool: the Penetration Test.
The Pentest, or penetration test, is aimed at verifying how the vulnerabilities of a system can be exploited to gain access and move within it. One of the initial steps performed by a pentester is scanning the network to find IP addresses, device type, operating systems and possible system vulnerabilities. But unlike the Vulnerability Assessment, the Pentest doesn’t stop there.
Of crucial importance for a tester is the exploit of identified vulnerabilities in order to gain control of the network or to take possession of sensitive data. The tester uses configurable automated tools to perform exploits against computer network systems. The peculiar part, however, occurs when the tester performs manual exploit attempts, just like a hacker would.
Penetration tests are classified in two ways: gray box or black box.
Gray box tests are performed with full knowledge of the target company’s IT department. Information is shared with the tester, such as network diagrams, IP addresses, and system configurations. The approach of this method is the verification of the safety of the present technology.
A black box test, on the other hand, represents more properly the action of a hacker who tries to gain unauthorized access to a system. The IT department knows nothing about the test being performed and the tester is not provided with information about the target environment. The black box method evaluates both the underlying technology and the people and processes involved to identify and block an attack as it would happen in the real world.
Phases of the Pentest
Phase 1: Analysis
The system is analyzed, studying its strengths and weaknesses. All preliminary information is collected. This, of course, does not happen if it is a gray box pentest.
Phase 2: Scan
The entire infrastructure is scanned to find the weak points to focus on.
Phase 3: Planning
Thanks to the information gathered, we plan with which tools and techniques to use to hit the system. The possibilities are many and they are both purely technological and social engineering techniques.
Phase 4: actual attack
In this phase the testers try to exploit the identified vulnerabilities to gain full control of the targeted system.
At the end of the Penetration Test, a report is also compiled that details the entire process carried out and includes:
evaluation of the impact of a real attack on the company
solutions to solve problems and secure computer network systems
A Penetration Test that is not successful is a sign that the system under examination is safe * and the data inside it does not risk anything. However, this does not mean that the company will be protected forever from any attack: precisely because the strategies of hackers constantly evolve, it is important to carry out Penetration Tests regularly.
(*) It should be noted, however, that although a good Penetration Test follows guidelines or structuring methodologies (i.e. OWASP) it remains a test with a strong subjective impact of the Penetration Tester and of the team that performed it, therefore it cannot be excluded that by repeating the tests carried out by a different group of Penetration Tester we have no new results. Furthermore, as is well known to our readers, in the field of Cyber Security the concept of “safe” in absolute terms is inadequate.
How to do
Although Vulnerability Assessments and Penetration Tests have different objectives, both should be performed regularly to verify the overall security of the information system.
Vulnerability assessment should be done often to identify and fix known vulnerabilities. The Pentest should be carried out at least once a year and certainly after significant changes in the IT environment, to identify possible exploitable vulnerabilities that may allow unauthorized access to the system. Both of the services described in this article are available through SOD, even on a recursive basis to ensure test effectiveness. contact us to find out more.
- Hadoop Open Data Model: “open” data collection
- Pass the Ticket: how to mitigate it with a SOCaaS
- Use cases of a SOCaaS for companies part 2
- Use cases of a SOCaaS for companies part 1
- NIST Cybersecurity Framework
- “Left of boom” and “right of boom”: having a winning strategy
- Smishing: a fraud similar to phishing
- Network Traffic Analyzer: an extra gear for the Next Gen SIEM
- Backup as a Service (2)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (20)
- Conferenza Cloud (4)
- ICT Monitoring (4)
- Log Management (2)
- News (18)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (14)
- Security (14)
- Web Hosting (15)
- China's Hackers Crack Devices at Tianfu Cup for $1.5M in Prizes October 15, 2021China's premier hackers will target web browsers, operating systems, mobile devices, and even a car at Tianfu Cup.
- Cisco Duo Trusted Access Report: More Than 50% of Companies Plan Passwordless Move October 15, 2021Multifactor authentications soar as enterprises move away from passwords to secure hybrid workers.
- How Attackers Hack Humans October 15, 2021Inside their motivations, how they go about it -- and what businesses can do about it, according to Counterintelligence Institute founder Peter Warmka.
- 'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks October 15, 2021Discovered during a recent incident response engagement, the malware avoids Russian computers and uses a single symmetric key for encrypting every compromised system.
- Evolution Equity Partners Close $400M for Cybersecurity Investments October 15, 2021The firm expands capital base, team, and platform addressing a rapidly growing cybersecurity investment opportunity.
- From Help Desk to Head of SOC: Building a Cybersecurity Career on Empathy and Candor October 15, 2021Why a passion for helping people is key to delivering effective cybersecurity solutions.
- How AI Can Stop Zero-Day Ransomware October 15, 2021Ransomware attacks are unpredictable. AI is better at figuring out what looks malicious and abnormal than humans will ever be.
- Enterprise Data Storage Environments Riddled With Vulnerabilities October 14, 2021Many organizations are not properly protecting their storage and backup systems from compromise, new study finds.
- Increased Security Spending to Support Distributed Workforce October 14, 2021Security leaders are deploying or actively considering cloud security, threat intel, and XDR technologies.
- Deepfence Announces Open Source Availability of ThreatMapper October 14, 2021Cloud native security observability platform seamlessly scans, maps, and ranks application vulnerabilities from development through critical production stage.
- [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045) October 6, 2021Posted by bashis on Oct 05[STX] Subject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045) Attack vector: Remote Authentication: Anonymous (no credentials needed) Researcher: bashis (2021) Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole -=[Dahua]=- Advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957 Firmware:...
- Backdoor.Win32.Prorat.lkt / Port Bounce Scan (MITM) October 6, 2021Posted by malvuln on Oct 05Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/dec8f9042986d64e29d62effb482290b_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Prorat.lkt Vulnerability: Port Bounce Scan (MITM) Description: The ProSpy Server V1.9 malware runs an FTP component that listens on TCP port 2121. Third-party attackers who successfully logon can abuse the backdoor […]
- Backdoor.Win32.Prorat.lkt / Weak Hardcoded Password October 6, 2021Posted by malvuln on Oct 05Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/dec8f9042986d64e29d62effb482290b.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Prorat.lkt Vulnerability: Weak Hardcoded Password Description: The ProSpy Server V1.9 malware runs an FTP component that listens on TCP port 2121. The FTP server requires authentication for remote user access. However, […]
- HackTool.Win32.Agent.gi / Local Stack Buffer Overflow (SEH) October 6, 2021Posted by malvuln on Oct 05Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/e60606d19a36789662ba97b4bb5c4ccf.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: HackTool.Win32.Agent.gi Vulnerability: Local Stack Buffer Overflow (SEH) Description: The Hack Office 2000 malware doesnt check bounds when loading textfiles for the wordlist to perform website URL cracking. Loading a specially crafted […]
- Trojan-PSW.Win32.PdPinch.gen / Remote Denial of Service October 6, 2021Posted by malvuln on Oct 05Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/0e4fbfeb6f7a98e437a497013b285ffc.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-PSW.Win32.PdPinch.gen Vulnerability: Remote Denial of Service Description: The malware listens on TCP port 1212. Third-party attackers who can reach infected systems can send a specially crafted junk HTTP request to trigger […]
- Backdoor.Win32.Hupigon.gy / Unauthenticated Open Proxy October 6, 2021Posted by malvuln on Oct 05Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/be74cbb86c007309d8004d910f5270f7.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.gy Vulnerability: Unauthenticated Open Proxy Description: The malware listens on TCP ports 8080, 1080. Third-party attackers who can connect to the infected system can relay requests from the original connection to […]
- Backdoor.Win32.Bifrose.ahyg / Insecure Permissions October 6, 2021Posted by malvuln on Oct 05Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/d6aff119c03ff378d386b30b36b07a69.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Bifrose.ahyg Vulnerability: Insecure Permissions Description: The malware creates an dir with insecure permissions under c:\ drive granting change (C) permissions to the authenticated user group. Standard users can rename the...
- HEUR.Trojan.Win32.Generic / Insecure Service Path October 6, 2021Posted by malvuln on Oct 05Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/2e4b6c5bd907995f6fd40c5eeab5c6e9.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: HEUR.Trojan.Win32.Generic Vulnerability: Insecure Service Path Description: The malware creates a service with an unquoted path. Third party attackers who can place an arbitrary executable under c:\ drive can potentially undermine the […]
- Backdoor.Win32.Yoddos.an / Insecure Service Path October 6, 2021Posted by malvuln on Oct 05Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/bf2417bf23a3b7ae2e44676882b4b9dd.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Yoddos.an Vulnerability: Insecure Service Path Description: The malware creates a service with an unquoted path. Third party attackers who can place an arbitrary executable under c:\ drive can potentially undermine the […]
Tempo di lettura: 5 minUtilizzo del Machine Learning per proteggere i dati Introdotto nel gennaio 2017, Acronis Act… https://t.co/mhqalBxm8D
Gli attacchi informatici sono numerosi e non fanno distinzione tra aziende e singoli individui quando prendono di m… https://t.co/uOucUWZf7W
Estimated reading time: 5 minutes SNYPR è uno strumento di analisi della sicurezza in grado di trasformare i Big… https://t.co/oies7e0nYY
Estimated reading time: 5 minutes Con l’avvento delle piattaforme di big data, le aziende che si occupano di sicu… https://t.co/MSvA0dPgiE
Estimated reading time: 5 minutes With the advent of big data platforms, IT security companies can now make guid… https://t.co/aTv41eq2Ir